Security News > 2022 > April > Malicious web redirect service infects 16,500 sites to push malware
Parrot's use is for malicious campaigns to redirect potential victims matching a specific profile to online resources such as phishing and malware-dropping sites.
Threat actors running malicious campaigns buy TDS services to filter incoming traffic and send it to a final destination serving malicious content.
Threat actors have planted a malicious web shell on compromised servers and copied it to various locations under similar names that follow a "Parroting" pattern.
As Avast details in the report, the particular campaign's user profile and filtering are so fine-tuned that the malicious actors can target a specific person from thousands of redirected users.
While the RAT campaign is currently the main operation served by the Parrot TDS, Avast analysts have also noticed several infected servers hosting phishing sites.
Check for automatically running tasks on the web server like cron jobs.